apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "adguard-home.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
replicas: 1
strategy:
type: {{ .Values.strategyType }}
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
{{- with .Values.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.configAsCode.enabled }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if or .Values.configAsCode.enabled .Values.securityContext.runAsUser }}
initContainers:
{{- if .Values.configAsCode.enabled }}
- name: "config"
securityContext:
readOnlyRootFilesystem: true
image: "{{ .Values.configAsCode.image.repository }}:{{ .Values.configAsCode.image.tag }}"
imagePullPolicy: {{ .Values.configAsCode.image.pullPolicy }}
command: ["sh", "-c", "cat /configmap/AdGuardHome.yaml > /opt/adguardhome/conf/AdGuardHome.yaml"]
resources: {{- toYaml .Values.configAsCode.resources | nindent 12 }}
volumeMounts:
- name: configmap
mountPath: /configmap
- name: config
mountPath: /opt/adguardhome/conf
readOnly: false
{{- end }}
{{- if .Values.securityContext.runAsUser }}
- name: "volume-permissions"
securityContext:
readOnlyRootFilesystem: true
image: "{{ .Values.volumePermissions.image.repository }}:{{ .Values.volumePermissions.image.tag }}"
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy }}
command: ["/bin/chown", "-R", "{{ .Values.securityContext.runAsUser }}:", "/opt/adguardhome/work", "/opt/adguardhome/conf"]
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
volumeMounts:
- name: work
mountPath: /opt/adguardhome/work
readOnly: false
- name: config
mountPath: /opt/adguardhome/conf
readOnly: false
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
{{- if .Values.timezone }}
- name: TZ
value: {{ .Values.timezone | quote }}
{{- end }}
volumeMounts:
- name: work
mountPath: /opt/adguardhome/work
readOnly: false
- name: config
mountPath: /opt/adguardhome/conf
readOnly: false
{{- if .Values.tlsSecretName }}
- name: certs
mountPath: /certs
readOnly: false
{{- end }}
ports:
- name: http
{{- if .Values.configAsCode.enabled }}
containerPort: {{ .Values.configAsCode.config.bind_port | default 3000 }}
{{- else }}
containerPort: 3000
{{- end }}
- name: dns
{{- if .Values.configAsCode.enabled }}
containerPort: {{ .Values.configAsCode.config.dns.port | default 53 }}
{{- else }}
containerPort: 53
{{- end }}
protocol: TCP
- name: dns-udp
{{- if .Values.configAsCode.enabled }}
containerPort: {{ .Values.configAsCode.config.dns.port | default 53 }}
{{- else }}
containerPort: 53
{{- end }}
protocol: UDP
{{- if .Values.serviceDHCP.enabled }}
- name: dhcp-server-udp
containerPort: 67
protocol: UDP
- name: dhcp-client-tcp
containerPort: 68
protocol: TCP
- name: dhcp-client-udp
containerPort: 68
protocol: UDP
{{- end }}
{{- if .Values.serviceDNSOverTLS.enabled }}
- name: dns-over-tls
containerPort: 853
protocol: TCP
{{- end }}
{{- if .Values.serviceDNSOverHTTPS.enabled }}
- name: dns-over-https
containerPort: 443
protocol: TCP
{{- end }}
{{- if .Values.probes.liveness.enabled }}
livenessProbe:
httpGet:
path: /login.html
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
{{- end }}
{{- if .Values.probes.readiness.enabled }}
readinessProbe:
httpGet:
path: /login.html
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
{{- end }}
{{- if .Values.probes.startup.enabled }}
startupProbe:
httpGet:
path: /login.html
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
failureThreshold: {{ .Values.probes.startup.failureThreshold }}
periodSeconds: {{ .Values.probes.startup.periodSeconds }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
{{- if .Values.tlsSecretName }}
- name: certs
secret:
secretName: {{ .Values.tlsSecretName }}
{{- end }}
{{- if .Values.configAsCode.enabled }}
- name: configmap
configMap:
name: {{ include "adguard-home.fullname" . }}
{{- end }}
- name: config
{{- if .Values.persistence.config.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "adguard-home.fullname" . }}-config{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
- name: work
{{- if .Values.persistence.work.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.work.existingClaim }}{{ .Values.persistence.work.existingClaim }}{{- else }}{{ template "adguard-home.fullname" . }}-work{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}